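/**
 * POST /CreateNewRole.lvorex: inserts a new role row into `madmin_permissions`.
 *
 * Request body (JSON):
 * @param {string} key - Caller's key, validated by controlKey().
 * @param {boolean} FullAccess - When truthy, the role is created with the all-true pattern below.
 * @param {string} RoleName - Name of the role to create.
 *
 * Responds with JSON `{ code, message }`: 200 on success, 400 for a malformed body,
 * 401 when the permission check fails, 404 for an unknown key or a failed query.
 */
app.use("/CreateNewRole.lvorex", express.json())
app.post("/CreateNewRole.lvorex", async (req, res) => {
    // Escapes a value for a single-quoted MySQL string literal. Escaping only the quote is
    // not enough: a backslash in the input would itself escape the closing quote.
    // Assumes backslash escapes are enabled on the server. Bound parameters would be the
    // sturdier fix if the project's query() helper accepts them (not visible from here).
    const sqlText = (value) =>
        String(value).replace(/[\0\\']/g, (ch) => (ch === "\0" ? "\\0" : "\\" + ch))

    // Pattern stored for a full-access role; the text is written to the `pattern` column as is.
    const FULL_ACCESS_PATTERN = '{"FullPermission": true,"Dashboard":[true,true,true,true,true,true],"Players":[true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true],"Accounts":[true,true,true],"LiveMap":[true,true],"Vehicles":[true,true,true,true,true,true],"Items":[true,true],"Jobs":[true,true,true,true,true],"Factions":[true,true,true,true,true],"Logs":[true],"LiveConsole":[true],"Resources":[true,true],"Admins":[true,true,true],"Management":[true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true]}'

    const postBody = req.body
    const { keyFound, userKey } = await controlKey(req, postBody.key)

    if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
    const PermissionCheck = await checkPermission(userKey.rank, "Management", 3)
    if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })

    // A non-string name would throw inside this async handler and leave the request unanswered.
    const { RoleName, FullAccess } = postBody
    if (typeof RoleName !== "string") return res.json({ code: 400, message: "Invalid request." })

    // NOTE(review): a full-access role can be created with Management permission 3 alone.
    // Confirm that this is the intended threshold for minting an all-true pattern.
    const row = [["name", RoleName]]
    if (FullAccess) row.push(["pattern", FULL_ACCESS_PATTERN])
    row.push(["createdBy", userKey.userName])

    const columnSql = row.map(([column]) => "`" + column + "`").join(", ")
    const valueSql = row.map(([, value]) => "'" + sqlText(value) + "'").join(", ")

    const result = await query(`insert into \`madmin_permissions\` (${columnSql}) values (${valueSql})`)
    if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })

    res.json({ code: 200, message: `${postBody.RoleName} successfully created.` })
})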
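/**
 * POST /AcceptRegisterRequest.lvorex: creates the account row for a registration request
 * and marks the request as handled (`request` = 0) in `madmin_registers`.
 *
 * Request body (JSON):
 * @param {string} key - Caller's key, validated by controlKey().
 * @param {JSON} AcceptedRequest - Record to insert: username, password?, discord?, avatar, rank,
 *   ip, accountType, discord_token?, darkMode, discord_avatar.
 *
 * Responds with JSON `{ code, message }`: 200 on success, 400 for a malformed body,
 * 401 when the permission check fails, 404 for an unknown key or a failed query.
 */
app.use("/AcceptRegisterRequest.lvorex", express.json())
app.post("/AcceptRegisterRequest.lvorex", async (req, res) => {
    // Escapes a value for a single-quoted MySQL string literal. Escaping only the quote is
    // not enough: a backslash in the input would itself escape the closing quote.
    // Assumes backslash escapes are enabled on the server. Bound parameters would be the
    // sturdier fix if the project's query() helper accepts them (not visible from here).
    const sqlText = (value) =>
        String(value).replace(/[\0\\']/g, (ch) => (ch === "\0" ? "\\0" : "\\" + ch))

    const postBody = req.body
    const { keyFound, userKey } = await controlKey(req, postBody.key)

    if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
    const PermissionCheck = await checkPermission(userKey.rank, "Management", 2)
    if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })

    const { AcceptedRequest } = postBody
    if (
        AcceptedRequest === null ||
        typeof AcceptedRequest !== "object" ||
        typeof AcceptedRequest.username !== "string" ||
        typeof AcceptedRequest.rank !== "string"
    ) {
        return res.json({ code: 400, message: "Invalid request." })
    }

    // NOTE(review): every column, including `rank` and `accountType`, comes from the request
    // body instead of being re-read from `madmin_registers`, so the caller decides the new
    // account's rank. Loading the pending request server-side by username would remove that
    // trust in the client.
    // NOTE(review): sha1() is called with the password alone (no salt at this call site).
    // Moving to a dedicated password hash needs a matching change in the login path, so the
    // stored format is left unchanged here.
    const row = [
        ["username", AcceptedRequest.username],
        ...(AcceptedRequest.password ? [["password", sha1(AcceptedRequest.password)]] : []),
        ["discord", AcceptedRequest.discord ? AcceptedRequest.discord : ""],
        ["avatar", AcceptedRequest.avatar],
        ["rank", AcceptedRequest.rank],
        ["ip", sha1(AcceptedRequest.ip)],
        ["accountType", AcceptedRequest.accountType],
        ...(AcceptedRequest.discord_token ? [["discord_token", AcceptedRequest.discord_token]] : []),
        ["darkMode", AcceptedRequest.darkMode],
        ["discord_avatar", AcceptedRequest.discord_avatar],
    ]

    // Every value goes through sqlText, including the fields that were previously
    // interpolated raw (discord, avatar, accountType, discord_token, darkMode, discord_avatar).
    const columnSql = row.map(([column]) => "`" + column + "`").join(", ")
    const valueSql = row.map(([, value]) => "'" + sqlText(value) + "'").join(", ")

    let result = await query(`insert into \`madmin_accounts\` (${columnSql}) values (${valueSql})`)
    if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })

    // The two statements are not wrapped in a transaction here; if this update fails the
    // account row above already exists.
    result = await query(`
        update \`madmin_registers\`
        set \`request\` = 0
        where \`username\` = '${sqlText(AcceptedRequest.username)}'
    `)
    if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })

    res.json({ code: 200, message: "Request successfully accepted." })
})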
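/**
 * POST /DenyRegisterRequest.lvorex: marks a registration request as denied
 * (`request` = -1) in `madmin_registers`.
 *
 * Request body (JSON):
 * @param {string} key - Caller's key, validated by controlKey().
 * @param {string} DeniedName - Username of the request to deny.
 *
 * Responds with JSON `{ code, message }`: 200 on success, 400 for a malformed body,
 * 401 when the permission check fails, 404 for an unknown key or a failed query.
 */
app.use("/DenyRegisterRequest.lvorex", express.json())
app.post("/DenyRegisterRequest.lvorex", async (req, res) => {
    // Escapes a value for a single-quoted MySQL string literal. Escaping only the quote is
    // not enough: a backslash in the input would itself escape the closing quote.
    // Assumes backslash escapes are enabled on the server. Bound parameters would be the
    // sturdier fix if the project's query() helper accepts them (not visible from here).
    const sqlText = (value) =>
        String(value).replace(/[\0\\']/g, (ch) => (ch === "\0" ? "\\0" : "\\" + ch))

    const postBody = req.body
    const { keyFound, userKey } = await controlKey(req, postBody.key)

    if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
    const PermissionCheck = await checkPermission(userKey.rank, "Management", 2)
    if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })

    // A non-string name would throw inside this async handler and leave the request unanswered.
    const { DeniedName } = postBody
    if (typeof DeniedName !== "string") return res.json({ code: 400, message: "Invalid request." })

    const result = await query(`
        update \`madmin_registers\`
        set \`request\` = -1
        where \`username\` = '${sqlText(DeniedName)}'
    `)
    if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })

    res.json({ code: 200, message: "Request successfully denied." })
})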
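/**
 * POST /DeleteRole.lvorex: deletes a role from `madmin_permissions` and resets every
 * account holding that rank to 'Not Authorized'.
 *
 * Request body (JSON):
 * @param {string} key - Caller's key, validated by controlKey().
 * @param {JSON} ExpectedRole - Object whose `name` is the role to delete.
 *
 * Responds with JSON `{ code, message }`: 200 on success, 400 for a malformed body,
 * 401 when the permission check fails, 404 for an unknown key or a failed query.
 */
app.use("/DeleteRole.lvorex", express.json())
app.post("/DeleteRole.lvorex", async (req, res) => {
    // Escapes a value for a single-quoted MySQL string literal. Escaping only the quote is
    // not enough: a backslash in the input would itself escape the closing quote.
    // Assumes backslash escapes are enabled on the server. Bound parameters would be the
    // sturdier fix if the project's query() helper accepts them (not visible from here).
    const sqlText = (value) =>
        String(value).replace(/[\0\\']/g, (ch) => (ch === "\0" ? "\\0" : "\\" + ch))

    const postBody = req.body
    const { keyFound, userKey } = await controlKey(req, postBody.key)

    if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
    const PermissionCheck = await checkPermission(userKey.rank, "Management", 4)
    if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })

    const { ExpectedRole } = postBody
    if (ExpectedRole === null || typeof ExpectedRole !== "object" || typeof ExpectedRole.name !== "string") {
        return res.json({ code: 400, message: "Invalid request." })
    }

    // The same escaped literal is used in both statements. The DELETE previously received
    // the raw name while the UPDATE received an escaped one, so the two could disagree.
    const roleLiteral = sqlText(ExpectedRole.name)

    let result = await query(`
        delete from \`madmin_permissions\`
        where \`name\` = '${roleLiteral}'
    `)
    if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })

    // Not wrapped in a transaction here: if this update fails, accounts keep a rank whose
    // role row is already gone.
    result = await query(`
        update \`madmin_accounts\`
        set \`rank\` = 'Not Authorized'
        where \`rank\` = '${roleLiteral}'
    `)
    if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })

    res.json({ code: 200, message: `${ExpectedRole.name} Successfully deleted.` })
})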
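/**
 * POST /UpdateRole.lvorex: replaces the stored permission pattern of a role.
 *
 * Request body (JSON):
 * @param {string} key - Caller's key, validated by controlKey().
 * @param {JSON} NewPatternDraft - Map of category name to an array of `{ checkmark: boolean }`.
 * @param {JSON} ChangedCategories - Not read by this handler; changes are recomputed server-side.
 * @param {string} RoleName - Role whose pattern is updated.
 *
 * There is no single up-front permission check: the caller needs the "Management"
 * permission mapped (CategoryToPerm) to each category whose pattern differs from the stored one.
 *
 * Responds with JSON `{ code, message }`: 200 on success, 400 for a malformed body,
 * 401 when a permission check fails, 404 for an unknown key, lookup failure or failed query.
 */
app.use("/UpdateRole.lvorex", express.json())
app.post("/UpdateRole.lvorex", async (req, res) => {
    // Escapes a value for a single-quoted MySQL string literal. Escaping only the quote is
    // not enough: a backslash in the input would itself escape the closing quote.
    // Assumes backslash escapes are enabled on the server. Bound parameters would be the
    // sturdier fix if the project's query() helper accepts them (not visible from here).
    const sqlText = (value) =>
        String(value).replace(/[\0\\']/g, (ch) => (ch === "\0" ? "\\0" : "\\" + ch))

    const postBody = req.body
    const { keyFound, userKey } = await controlKey(req, postBody.key)
    if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })

    const { NewPatternDraft, RoleName } = postBody
    if (
        typeof RoleName !== "string" ||
        NewPatternDraft === null ||
        typeof NewPatternDraft !== "object" ||
        Array.isArray(NewPatternDraft)
    ) {
        return res.json({ code: 400, message: "Invalid request." })
    }

    // Category -> index of the "Management" permission required to edit that category.
    const CategoryToPerm = {
        "Dashboard": 7,
        "Players": 8,
        "Accounts": 9,
        "LiveMap": 10,
        "Vehicles": 11,
        "Items": 12,
        "Jobs": 13,
        "Factions": 14,
        "Logs": 15,
        "LiveConsole": 16,
        "Resources": 17,
        "Admins": 18,
        "Management": 19
    }
    const knownCategories = Object.keys(CategoryToPerm)

    // Build the pattern from the draft, accepting only known categories and boolean flags.
    // Unknown keys (including "FullPermission" or "__proto__") have no mapped permission and
    // would otherwise be stored without a meaningful check.
    const NewPattern = {
        FullPermission: false
    }
    for (const [category, entries] of Object.entries(NewPatternDraft)) {
        const isKnown = Object.prototype.hasOwnProperty.call(CategoryToPerm, category)
        if (!isKnown || !Array.isArray(entries)) {
            return res.json({ code: 400, message: "Invalid request." })
        }
        const flags = []
        for (const entry of entries) {
            if (entry === null || typeof entry !== "object" || typeof entry.checkmark !== "boolean") {
                return res.json({ code: 400, message: "Invalid request." })
            }
            flags.push(entry.checkmark)
        }
        NewPattern[category] = flags
    }

    // FullPermission is derived, never taken from the client: it is set only when every
    // known category is present, non-empty and entirely true. Deriving it from "no false
    // value seen" would also grant it for an empty or partial draft.
    NewPattern.FullPermission = knownCategories.every((category) => {
        const flags = NewPattern[category]
        return Array.isArray(flags) && flags.length > 0 && flags.every((flag) => flag === true)
    })

    const CurrentPermissions = await getAllPermissions(RoleName)
    if (!CurrentPermissions) return res.json({ code: 404, message: "An error appeared. Control the console." })

    // Compare over all known categories, not only those present in the draft: the update
    // below overwrites the whole pattern, so a category missing from the draft is a change
    // too and needs its permission like any other.
    // Presumably CurrentPermissions maps category -> boolean array; confirm against getAllPermissions.
    for (const category of knownCategories) {
        const unchanged = JSON.stringify(NewPattern[category]) === JSON.stringify(CurrentPermissions[category])
        if (unchanged) continue

        const PermissionCheck = await checkPermission(userKey.rank, "Management", CategoryToPerm[category])
        if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
    }

    const result = await query(`
        update \`madmin_permissions\`
        set \`pattern\` = '${sqlText(JSON.stringify(NewPattern))}'
        where \`name\` = '${sqlText(RoleName)}'
    `)
    if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })

    res.json({ code: 200, message: "Role successfully updated." })
})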
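/**
 * POST /TakeRoleFromUser.lvorex: resets one account's rank to 'Not Authorized'.
 *
 * Request body (JSON):
 * @param {string} key - Caller's key, validated by controlKey().
 * @param {string} ExpectedUser - Username of the account to demote.
 *
 * Responds with JSON `{ code, message }`: 200 on success, 400 for a malformed body,
 * 401 when the permission check fails, 404 for an unknown key or a failed query.
 */
app.use("/TakeRoleFromUser.lvorex", express.json())
app.post("/TakeRoleFromUser.lvorex", async (req, res) => {
    // Escapes a value for a single-quoted MySQL string literal. Escaping only the quote is
    // not enough: a backslash in the input would itself escape the closing quote.
    // Assumes backslash escapes are enabled on the server. Bound parameters would be the
    // sturdier fix if the project's query() helper accepts them (not visible from here).
    const sqlText = (value) =>
        String(value).replace(/[\0\\']/g, (ch) => (ch === "\0" ? "\\0" : "\\" + ch))

    const postBody = req.body
    const { keyFound, userKey } = await controlKey(req, postBody.key)

    if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
    const PermissionCheck = await checkPermission(userKey.rank, "Management", 6)
    if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })

    // A non-string name would throw inside this async handler and leave the request unanswered.
    const { ExpectedUser } = postBody
    if (typeof ExpectedUser !== "string") return res.json({ code: 400, message: "Invalid request." })

    const result = await query(`
        update \`madmin_accounts\`
        set \`rank\` = 'Not Authorized'
        where \`username\` = '${sqlText(ExpectedUser)}'
    `)
    if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })

    res.json({ code: 200, message: `Role successfully taken.` })
})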
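/**
 * POST /SetRoleToUser.lvorex: sets the rank of one account to the given role name.
 *
 * Request body (JSON):
 * @param {string} key - Caller's key, validated by controlKey().
 * @param {string} User - Username of the account to update.
 * @param {string} RoleName - Role name written to the account's `rank` column.
 *
 * Responds with JSON `{ code, message }`: 200 on success, 400 for a malformed body,
 * 401 when the permission check fails, 404 for an unknown key or a failed query.
 */
app.use("/SetRoleToUser.lvorex", express.json())
app.post("/SetRoleToUser.lvorex", async (req, res) => {
    // Escapes a value for a single-quoted MySQL string literal. Escaping only the quote is
    // not enough: a backslash in the input would itself escape the closing quote.
    // Assumes backslash escapes are enabled on the server. Bound parameters would be the
    // sturdier fix if the project's query() helper accepts them (not visible from here).
    const sqlText = (value) =>
        String(value).replace(/[\0\\']/g, (ch) => (ch === "\0" ? "\\0" : "\\" + ch))

    const postBody = req.body
    const { keyFound, userKey } = await controlKey(req, postBody.key)

    if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
    const PermissionCheck = await checkPermission(userKey.rank, "Management", 5)
    if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })

    // Non-string values would throw inside this async handler and leave the request unanswered.
    const { User, RoleName } = postBody
    if (typeof User !== "string" || typeof RoleName !== "string") {
        return res.json({ code: 400, message: "Invalid request." })
    }

    // NOTE(review): the handler does not check that RoleName exists in `madmin_permissions`,
    // nor how the assigned role compares with the caller's own rank. Confirm whether
    // Management permission 5 is meant to allow assigning any role, including full-access ones.
    const result = await query(`
        update \`madmin_accounts\`
        set \`rank\` = '${sqlText(RoleName)}'
        where \`username\` = '${sqlText(User)}'
    `)
    if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })

    res.json({ code: 200, message: `${RoleName} successfully setted to ${User}.` })
})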